Since Core Update 61 the OpenVPN Management Interface is integrated into the OpenVPN WUI page to provide the status information for each connection.
In the configuration set up in IPFire the management interface information is only available for localhost and is provided to the WUI only.
The only way to stop this message would be to add a password in for the management interface which would mean that you get no status info for your connections, such as CONNECTED, DISCONNECTED, AUTH etc. Each time you would want to know what the status was you would need to enter a password to get the status information for that connection.
As it is local host only then it is only available to the IPFire system itself and to access it a user/attacker would have to be able to login to the IPFire terminal as root or be able to access the WUI, but then only for the status info shown in the connection status entries.
If you don’t specify a management port then it uses the Destination port by default. This is written alongside the Management Port entry box.
I have n2n set up in my vm testbed for testing and development purposes the default value seemed fine to me.
This is because the configuration file that is created in the zip file has the entry
script-security 2
which means that OpenVPN n2n is allowed to call built-in executables and user-defined scripts. The built in executables allowed to be called are programs such as ifconfig, ip or route.
If you don’t want to see that message then change the value in your conf file for both the server and the client from 2 to 0.
This value means Strictly no calling of external programs, so if you are happy with that then you can change the entry in the two conf files for the n2n connection.